Ultimate SQM settings: Layer_cake + DSCP marks

You should set up cake and tagging on the main router and not on the AP, because the AP can't change traffic tagging, etc.!

Thank you for your answer.
I managed to set up my device by changing the LAN eth0 port into a WAN port and setting up a direct PPPoE connection. Now the ISP modem is only a bridge, and the firewall and dnsmasq are on my OpenWrt device. I'm trying to set things up right now, let's see what I can do :slight_smile:


Mmm, I think I need help. I'm trying to mark my torrent application, but unfortunately it uses a random port for downloading... How can I resolve this? Is there any way to mark as CS1 anything that Wireshark recognizes as BitTorrent "Protocol"?

Which BitTorrent client do you use? You can go to settings and specify a port like 60001.
Also, it's possible to use a Windows NetQoS policy to tag outgoing packets as CS1.
I have a rule that can detect most torrent traffic.

Popcorn Time :stuck_out_tongue: Since I set all my web-surfing traffic at CS2, I tried to set

$IPT -t mangle -A PREROUTING -m connbytes --connbytes 1048576: --connbytes-dir both --connbytes-mode bytes -j DSCP --set-dscp-class CS1

so that even if I don't specify any port, it doesn't interfere with web surfing and YouTube video (which is also in CS2 because it is HTTPS traffic; not the cleanest solution, I know, I'm still learning, but cake is doing a pretty good job).

It's working well, I think :slight_smile:

Add -p tcp; this will cause problems for UDP traffic!


Yep, discovered the hard way xD I'm still testing; now I changed approach, setting up ipset for YouTube and Netflix. Noob question: how did you find the specific IP for YouTube or Netflix? I mean, if I just copy-paste your script it works, but I'm curious how you found /googlevideo.com/*.googlevideo.com; why not insert the youtube.com domain? Sorry for the dumb question and thank you so much for your time :blush:

Edit: Also, would you recommend defaulting the flags to CS0 or CS2? I was reading something about it in the posts above, but I did not quite understand it.

youtube.com is just for browsing and doesn't affect streamed videos!
googlevideo.com is the video streaming domain for all videos and maybe ads too.

For YouTube, if you used Internet Download Manager to download a video from YouTube, you will always see that domain. You can use this to catch video domains: https://addons.mozilla.org/en-US/firefox/addon/grab-any-media/

You are welcome!

For which type of traffic?

$IPT -t mangle -A PREROUTING -i pppoe-wan -j DSCP --set-dscp 0

With this, without rules, all traffic on the interface is CS0. Would it make any sense to set this to CS2 instead? ($IPT -t mangle -A PREROUTING -i pppoe-wan -j DSCP --set-dscp-class CS2)

Just keep it CS0; this will set incoming DSCP marks from the internet to CS0 (we don't trust ISP DSCP marks).

Thank you!
Now I'm facing something weird... This is my current firewall.user, and I only set up YouTube in dnsmasq.conf.

IPT="iptables"

#Clear interface dscp marks, we don't trust ISP marks(also to use our own marks).
$IPT -t mangle -A PREROUTING -i pppoe-wan -j DSCP --set-dscp 0

#Ping
$IPT -t mangle -A PREROUTING -p icmp -j DSCP --set-dscp-class CS6 ##dscp tag for ping packets

#Gaming
$IPT -t mangle -A PREROUTING -p tcp -m multiport --port 9339 -j DSCP --set-dscp-class CS6 #Brawl Stars
$IPT -t mangle -A PREROUTING -p udp -m multiport --port 9339 -j DSCP --set-dscp-class CS6 #Brawl Stars

$IPT -t mangle -A PREROUTING -p udp -m multiport --ports 49003:49006 -j DSCP --set-dscp-class CS6 #GeForceNow
$IPT -t mangle -A PREROUTING -p tcp -m multiport --port 49006 -j DSCP --set-dscp-class CS6 #GeForceNow

#YouTube test
$IPT -t mangle -A PREROUTING -m set --match-set vidstream src -j DSCP --set-dscp-class AF41
$IPT -t mangle -A PREROUTING -p tcp -m multiport --dport 1935 -j DSCP --set-dscp-class AF41

Why, if I try to do a speedtest using fast.com, does it tell me that it is AF41? :flushed:
When I try to download an app, Wireshark correctly shows me CS0.

Make ping CS5, and replace all PREROUTING with POSTROUTING!

Who told you about AF41? (fast.com)???

Just trust Wireshark! You can use tcpdump on the router (run it on br-lan, then run it on pppoe0), then open the generated pcap with Wireshark and check the marks!
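
One way to do the check described above, as an added example that is not part of the original posts: it counts DSCP classes in the text output of `tcpdump -v`, assuming the IPv4 `tos 0x..` field tcpdump prints in verbose mode. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): count DSCP classes in `tcpdump -v` output.

# Map a DSCP code point (0-63) to the class names used in this thread.
dscp_name() {
    case "$1" in
        0) echo CS0 ;;  8) echo CS1 ;;  16) echo CS2 ;; 24) echo CS3 ;;
        32) echo CS4 ;; 40) echo CS5 ;; 48) echo CS6 ;; 56) echo CS7 ;;
        34) echo AF41 ;; 46) echo EF ;;
        *) echo "DSCP$1" ;;
    esac
}

# TOS byte (hex, e.g. 0x88) -> class name. The low two bits are ECN,
# so 0x88 and 0x8a are both AF41.
tos_to_class() {
    dscp_name $(( $1 >> 2 ))
}

# Read `tcpdump -v` text on stdin and print "<count> <class>" per class.
dscp_summary() {
    sed -n 's/.*(tos \(0x[0-9a-f]*\).*/\1/p' |
    while read -r tos; do tos_to_class "$tos"; done |
    sort | uniq -c | awk '{ print $1, $2 }'
}

# Constructed sample lines in tcpdump -v format (not a real capture).
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP (tos 0x88, ttl 57, id 1, offset 0, flags [DF], proto TCP (6), length 1500)
12:00:01.000002 IP (tos 0x8a,ECT(0), ttl 57, id 2, offset 0, flags [DF], proto TCP (6), length 1500)
12:00:01.000003 IP (tos 0x0, ttl 64, id 3, offset 0, flags [DF], proto TCP (6), length 52)
12:00:01.000004 IP (tos 0xa0, ttl 64, id 4, offset 0, flags [DF], proto ICMP (1), length 84)
EOF
}

sample_capture | dscp_summary
```

On the router, feed it a live capture instead, for example `tcpdump -v -n -i br-lan -c 200 | dscp_summary`, then repeat on the WAN interface and compare the two summaries.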

Sorry, I mean in Wireshark, when I do a download test from that site, I see the inbound packets marked as AF41, only for that site; dslreports is CS0 as it should be :flushed: From what I set, only YouTube videos should be AF41, am I right?

Also, why do I have to change to POSTROUTING?

First you have to flush the PREROUTING or POSTROUTING table before reapplying rules (so they won't be duplicated).

Right, I think fast.com sends packets marked as AF41, or it's your ISP!

That's better because it has the packet processed and you will see the right tags on inbound, so PREROUTING is not needed at all!

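
The flush-before-reapply step above, as an added example that is not code from the thread: a `firewall.user` fragment that keeps every mark in one chain and can be re-run without duplicating rules. It assumes the `vidstream` ipset already exists and hooks the chain from PREROUTING, since iptables only accepts `-i` there; the function names and the `IPT` override are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): re-runnable DSCP marking for firewall.user.
IPT="${IPT:-iptables}"
WAN="${WAN:-pppoe-wan}"   # WAN interface name used in the thread
CHAIN="dscp_mark"         # dedicated chain, so a flush only touches our rules

# Rules in evaluation order. The DSCP target does not stop traversal, so the
# LAST matching rule decides the mark: wash ISP marks first, classify after.
# Assumption: the vidstream ipset has already been created and is filled by dnsmasq.
dscp_rules() {
    cat <<EOF
-i $WAN -j DSCP --set-dscp-class CS0
-p icmp -j DSCP --set-dscp-class CS5
-p udp -m multiport --ports 9339 -j DSCP --set-dscp-class CS6
-p tcp -m multiport --ports 9339 -j DSCP --set-dscp-class CS6
-m set --match-set vidstream src -j DSCP --set-dscp-class AF41
EOF
}

apply_dscp() {
    # Create the chain if it is missing, then empty it before refilling.
    $IPT -t mangle -N "$CHAIN" 2>/dev/null || true
    $IPT -t mangle -F "$CHAIN"
    # Hook the chain exactly once. PREROUTING is used because iptables
    # rejects -i in POSTROUTING, and the wash rule needs -i.
    $IPT -t mangle -C PREROUTING -j "$CHAIN" 2>/dev/null ||
        $IPT -t mangle -A PREROUTING -j "$CHAIN"
    dscp_rules | while read -r rule; do
        # $rule is left unquoted on purpose so it splits into arguments.
        $IPT -t mangle -A "$CHAIN" $rule
    done
}

# Apply only when asked, so the file can also be sourced for inspection.
if [ "${1:-}" = "apply" ]; then
    apply_dscp
fi
```

Because the video rule comes after the wash rule, traffic from any address in `vidstream` leaves the chain as AF41 even though it arrived on the WAN interface.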

But it should be CS0 from this rule

$IPT -t mangle -A POSTROUTING -i pppoe-wan -j DSCP --set-dscp-class CS0

I have a headache :pensive:

Btw, again, thank you so much for helping!

EDIT: The problem is in the YouTube rule: if I change that to CS4 instead of AF41, fast.com traffic is marked CS4.
$IPT -t mangle -A POSTROUTING -m set --match-set vidstream src -j DSCP --set-dscp-class CS4

Is it possible that fast.com uses the same googlevideo domain as YouTube to deliver its speedtest?

In my case, fast.com is using the Netflix video domain?! So don't worry about fast.com.


I did what dlakelan suggested and added 2 cake layers and installed the iptables script with the dscp markings on the ports. I just want to clean up firewall for gaming using iptables marking packets and controlling them.

example:

## game traffic
iptables -t mangle -A dscp_mark -p udp  --sport 1119:1120 -j DSCP --set-dscp-class CS5
ip6tables -t mangle -A dscp_mark -p udp --sport 1119:1120 -j DSCP --set-dscp-class CS5
iptables -t mangle -A dscp_mark -p udp --dport 1119:1120 -j DSCP --set-dscp-class CS5
ip6tables -t mangle -A dscp_mark -p udp --dport 1119:1120 -j DSCP --set-dscp-class CS5

I would like these rules to be MAC source marked for the egress and ip destination marked for the ingress.

and I would also like to prioritize a single machine over all other network traffic using iptables

example:

gaming machine class CS5
all other network traffic CS0

I think you can just mark all packets from the given MAC or to the given IP. iptables has a -m mac match and a dst match; see the iptables manual.

## icmp for egress mac and ingress IP gets CS5
## (00:00:00:00:00:00, 192.0.0.0 and 2001:db8::1 are placeholders for the gaming machine;
## ICMPv6 and other IPv6 rules go through ip6tables and need an IPv6 destination)
iptables -t mangle -A dscp_mark -p icmp -m mac --mac-source 00:00:00:00:00:00 -j DSCP --set-dscp-class CS5
ip6tables -t mangle -A dscp_mark -p icmpv6 -m mac --mac-source 00:00:00:00:00:00 -j DSCP --set-dscp-class CS5
iptables -t mangle -A dscp_mark -p icmp -d 192.0.0.0 -j DSCP --set-dscp-class CS5
ip6tables -t mangle -A dscp_mark -p icmpv6 -d 2001:db8::1 -j DSCP --set-dscp-class CS5

## game traffic egress mac and ingress IP
iptables -t mangle -A dscp_mark -p udp --sport 1119:1120 -m mac --mac-source 00:00:00:00:00:00 -j DSCP --set-dscp-class CS5
ip6tables -t mangle -A dscp_mark -p udp --sport 1119:1120 -m mac --mac-source 00:00:00:00:00:00 -j DSCP --set-dscp-class CS5
iptables -t mangle -A dscp_mark -p udp --dport 1119:1120 -d 192.0.0.0 -j DSCP --set-dscp-class CS5
ip6tables -t mangle -A dscp_mark -p udp --dport 1119:1120 -d 2001:db8::1 -j DSCP --set-dscp-class CS5

If this is correct how do I set all other traffic on the WAN and/or LAN to CS0 or does that even matter now that the packets are prioritized?

It's already CS0; if not:

iptables -t mangle -A dscp_mark -i pppoe0 -j DSCP --set-dscp-class CS0

Use the same rule, but change pppoe0 to br-lan.
